Send generic responses from the API to the client or be more specific in the response?

Example: user credentials validation. The password field sent from the client doesn't match the password stored in the DB. Should I send a generic message in the response, like "Invalid Credentials", or can I be more specific, like "field 'password' is invalid"? Same idea for other validation errors too... should I specifically tell the browser what was wrong with the request? Is there a convention in this situation? I mean... I can be specific about validation errors; for other types of errors I should be more generic for security reasons.
7 Replies
theoriginalandrew•11h ago
Are you using these responses for a user-facing message or something internal for you to manage? If user-facing, then I think something more generic like "Invalid Credentials" is just fine.
vinicius!OP•11h ago
The browser will be receiving the responses. Got it.
theoriginalandrew•11h ago
user facing => what it will show in the interface
internal => intercepting the API response and modifying it for the interface
Both go to the browser, just one is "do I modify the response" or "just give the unfiltered response".
vinicius!OP•11h ago
ooh so yeah, it'll be something internal
theoriginalandrew•10h ago
Now I would recommend, for something like registration, that you specify the field that is wrong, like if it doesn't pass rules that you've defined, but for a login, just something generic is easier. I've seen some error messages like "That user wasn't found", but to me that is different than saying "you didn't type something correctly," so just saying the credentials are invalid or similar feels the most accurate without accidentally giving DB fields out.
vinicius!OP•10h ago
Got that, thank you Andrew. Oh, I created this question in the frontend field... my bad, backend would've been more appropriate.
theoriginalandrew•10h ago
I mean teeeeechnically it's a frontend problem 😉